Analysis
-
max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags
arch:x64 arch:x86 image:win10v2004-20230703-en locale:en-us os:windows10-2004-x64 system
submitted
22/07/2023, 12:36
Static task
static1
Behavioral task
behavioral1
Sample
c9966d3b55a424cc510cd22af8015679.bin.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
c9966d3b55a424cc510cd22af8015679.bin.exe
Resource
win10v2004-20230703-en
General
-
Target
c9966d3b55a424cc510cd22af8015679.bin.exe
-
Size
1.8MB
-
MD5
c9966d3b55a424cc510cd22af8015679
-
SHA1
40e70cecc5563bdada2a1bc067dd146fd488c75a
-
SHA256
7a73fa7ca8f7caf895aafab3d6d082259fd89601bd78c085b45754d35b034e33
-
SHA512
724a25c4e95713e9e72c7a318358a0831e334db51eb826cf610e2ce75844fee9ddabea9d1489ec520f4ed0fa6e58e3436044496aaa60163b35448503a2c8b261
-
SSDEEP
49152:SkQTAAdQDOTC0wakdJ+J5DGfwNMiKw6id2l9gqumWD2/+H:SaAdQckdJ+JBGfwSip659IDD
Malware Config
Signatures
-
.NET Reactor protector 33 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule
behavioral2/memory/2980-137-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-138-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-140-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-142-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-144-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-146-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-148-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-150-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-152-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-154-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-156-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-158-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-160-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-162-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-164-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-166-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-168-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-170-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-172-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-174-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-176-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-178-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-180-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-182-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-184-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-186-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-188-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-190-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-192-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-194-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-196-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-198-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
behavioral2/memory/2980-200-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor
Suspicious use of AdjustPrivilegeToken 1 IoCs
description                pid   Process
Token: SeDebugPrivilege    2980  c9966d3b55a424cc510cd22af8015679.bin.exe
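The Signatures section lists 33 memory-dump hits for the net_reactor rule and one SeDebugPrivilege token adjustment, all against PID 2980. Every one of those 33 hits names the same mapped range, 0x05220000 to 0x054BD000, so the raw list says less than its length suggests. The script below is an added example, not code from the sandbox vendor or from this report: it parses IoC lines in the format printed above, collapses repeated hits into one row per region, and cross-references PIDs between the two signature types. The regular expressions, function names and the label "seq" for the number between the PID and the address range (assumed here to be a per-task event index) are this example's own choices, and the input text is reconstructed from the IoC strings on this page.

```python
"""Summarise memory-dump and token IoCs from a sandbox report.

Added example for this page; not code from the sandbox vendor. The input
REPORT_TEXT below is reconstructed from the IoC strings printed in the
Signatures section (33 net_reactor hits and one SeDebugPrivilege line).
"""
import re
from collections import defaultdict

# Memory-dump IoC: <task>/memory/<pid>-<seq>-<start>-<end>-memory.dmp <rule>
# "seq" is assumed to be a per-task event index; the report does not name it.
MEM_RE = re.compile(
    r"(?P<task>\w+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\w+)"
)
# Token IoC: Token: <privilege> <pid> <process image>
TOKEN_RE = re.compile(r"Token:\s+(?P<priv>Se\w+Privilege)\s+(?P<pid>\d+)\s+(?P<proc>\S+)")

# Constructed input: the 33 hit lines from the page (event indices 137, 138,
# then 140..200 in steps of 2) followed by the token IoC line as printed.
_SEQS = [137, 138] + list(range(140, 201, 2))
REPORT_TEXT = "\n".join(
    f"behavioral2/memory/2980-{s}-0x0000000005220000-0x00000000054BD000-memory.dmp net_reactor"
    for s in _SEQS
) + "\nToken: SeDebugPrivilege 2980 c9966d3b55a424cc510cd22af8015679.bin.exe\n"


def parse_memory_hits(text):
    """Return one dict per memory-dump IoC line found in text."""
    return [
        {
            "task": m["task"],
            "pid": int(m["pid"]),
            "seq": int(m["seq"]),
            "start": int(m["start"], 16),
            "end": int(m["end"], 16),
            "rule": m["rule"],
        }
        for m in MEM_RE.finditer(text)
    ]


def summarise_regions(hits):
    """Collapse hits into one row per (task, pid, rule, start, end).

    A sandbox re-dumps the same region at successive events, so many hits
    usually describe one mapped region; the row carries its size in bytes,
    the number of hits, and the first/last event index that saw it.
    """
    groups = defaultdict(list)
    for h in hits:
        groups[(h["task"], h["pid"], h["rule"], h["start"], h["end"])].append(h["seq"])
    return [
        {
            "task": task, "pid": pid, "rule": rule,
            "start": start, "end": end, "size": end - start,
            "hits": len(seqs), "first_seq": min(seqs), "last_seq": max(seqs),
        }
        for (task, pid, rule, start, end), seqs in sorted(groups.items())
    ]


def parse_token_iocs(text):
    """Return one dict per 'Token: <privilege> <pid> <image>' line."""
    return [
        {"priv": m["priv"], "pid": int(m["pid"]), "process": m["proc"]}
        for m in TOKEN_RE.finditer(text)
    ]


def pids_with_both(mem_hits, token_iocs):
    """PIDs that carry a packer rule hit and also adjusted a token privilege."""
    return sorted({h["pid"] for h in mem_hits} & {t["pid"] for t in token_iocs})


def name_matches_md5(sample_name, md5_hex):
    """True when the sample is named by its MD5, as the file on this page is."""
    return sample_name.split(".")[0].lower() == md5_hex.lower()


if __name__ == "__main__":
    hits = parse_memory_hits(REPORT_TEXT)
    for row in summarise_regions(hits):
        print(f"{row['task']} pid={row['pid']} rule={row['rule']} "
              f"0x{row['start']:08X}-0x{row['end']:08X} size=0x{row['size']:X} "
              f"hits={row['hits']} events {row['first_seq']}..{row['last_seq']}")
    toks = parse_token_iocs(REPORT_TEXT)
    print("token IoCs:", toks)
    print("pids with both:", pids_with_both(hits, toks))
    print("named by MD5:", name_matches_md5(toks[0]["process"],
                                            "c9966d3b55a424cc510cd22af8015679"))
```

Run as a script it prints a single region row: 33 hits on a 0x29D000-byte (about 2.6 MB) range of PID 2980 between events 137 and 200, plus the same PID in the token list. The same parser can be pointed at a pasted report from any task with this line format.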